author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2013-04-18 17:01:45 +0200 |
---|---|---|
committer | Jan Beulich <jbeulich@suse.com> | 2013-04-18 17:01:45 +0200 |
commit | 764012376a096a45bced88ee2ec1a6c17c6c22c7 (patch) | |
tree | 2881ecaf60a14d78fa122aaa697dec29060888de | |
parent | d8b5421f45c2b528bab1c8695271f99743b708fa (diff) | |
x86: remove IS_PRIV access check bypasses
Several domctl functions dealing with rangesets contain a short-circuit
bypass if the domain is privileged. Since the construction of domain 0
permits access to all I/O ranges, the call to irq_access_permitted will
normally return true even without the IS_PRIV check, and the presence of
the IS_PRIV check prevents the creation of a privileged domain without
access to specific devices or IO memory ranges.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
-rw-r--r-- | xen/arch/x86/domctl.c | 6 | ||||
-rw-r--r-- | xen/arch/x86/irq.c | 3 |
2 files changed, 3 insertions, 6 deletions
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 8fb4fa98a5..9580390594 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -645,8 +645,7 @@ long arch_do_domctl(
 break;
 ret = -EPERM;
- if ( !IS_PRIV(current->domain) &&
- !iomem_access_permitted(current->domain, mfn, mfn + nr_mfns - 1) )
+ if ( !iomem_access_permitted(current->domain, mfn, mfn + nr_mfns - 1) )
 break;
 ret = xsm_iomem_mapping(XSM_HOOK, d, mfn, mfn + nr_mfns - 1, add);
@@ -723,8 +722,7 @@ long arch_do_domctl(
 }
 ret = -EPERM;
- if ( !IS_PRIV(current->domain) &&
- !ioports_access_permitted(current->domain, fmp, fmp + np - 1) )
+ if ( !ioports_access_permitted(current->domain, fmp, fmp + np - 1) )
 break;
 ret = xsm_ioport_mapping(XSM_HOOK, d, fmp, fmp + np - 1, add);
diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c
index bbf413089d..b0b0c655bd 100644
--- a/xen/arch/x86/irq.c
+++ b/xen/arch/x86/irq.c
@@ -1891,8 +1891,7 @@ int map_domain_pirq(
 ASSERT(spin_is_locked(&d->event_lock));
- if ( !IS_PRIV(current->domain) &&
- !irq_access_permitted(current->domain, irq))
+ if ( !irq_access_permitted(current->domain, irq))
 return -EPERM;
 if ( pirq < 0 || pirq >= d->nr_pirqs || irq < 0 || irq >= nr_irqs ) |
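Review bot: With the IS_PRIV short-circuit gone, `iomem_access_permitted(current->domain, ...)` in the first arch_do_domctl hunk becomes the only rangeset gate in the visible lines, and it tests the caller only. The same applies to `ioports_access_permitted(current->domain, ...)` in the second hunk. Nothing shown here checks that the target `d` is itself permitted the range before `xsm_iomem_mapping` / `xsm_ioport_mapping` runs, so where the XSM hook is permissive the caller's rangeset is presumably the whole decision. That may be handled elsewhere, since arch_do_domctl starts and ends outside both hunks. I would add a comment above each check, such as `/* Caller must hold the range in its own rangeset; privilege alone does not grant it. */`, so the bypass is not reintroduced later.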
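Review bot: In map_domain_pirq the permission test now runs for privileged callers too, and it sits before the `irq < 0 || irq >= nr_irqs` bounds test. A privileged caller passing an out-of-range irq therefore presumably fails with -EPERM, where it previously fell through to the bounds check. If any caller distinguishes the two errors, consider doing the bounds test first, or record the ordering in a comment such as `/* Permission is checked before range validation; an out-of-range irq fails with -EPERM. */`. The check also consults current->domain rather than `d`, so call paths where the two differ now depend on the caller's irq rangeset being populated. The function body continues outside the hunk, so its callers are worth confirming.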